Policy approaches to the encryption debate

To move past the current impasse on the debate over encryption “backdoors,” we identify three real-world questions to be answered: whether a need for a backdoor has been demonstrated, whether a satisfactory technical backdoor system exists, and whether lawmakers can construct policy that manages the tradeoffs of implementing that technical system in practice. While current facts indicate that all these questions will be answered in the negative for the time being, these three questions are amenable to evidence-based discussion and experimentation, and should represent the way to make progress in the current debate.Top Points:

The current encryption discussion is at a standstill because it is largely focused on theory and hypotheticals.

A real-world approach based on empirical evidence would help to move the discussion forward.

To assess the need for an encryption backdoor, we recommend data collection to identify objective statistics on cases or investigations where a backdoor would have had an impact.

We also recommend increased law enforcement training on digital investigation techniques that, if used fully, would likely obviate the need for a backdoor.

To determine whether there is a passable technical backdoor system, we recommend an adversarial testing process, involving peer review of proposed systems.

To identify policy problems and solutions that would arise in putting a technical backdoor system into actual use, we recommend scenario planning to find likely points of failure or other difficulties in implementation.

These three questions must all be answered positively before a backdoor can be adopted.

It is highly unlikely, in our view given current facts, that all three can be answered positively.

The key benefit of this framework is that it poses questions that can be answered by evidence, experimentation, and discussion of the real world beyond theory.